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IN THE CLAIMS: 

1 1-5 (CANCELLED) 

1 6. (PREVIOUSLY PRESENTED) A method for creating and maintaining a plurality of 

2 virtual servers within a server, the method comprising the steps of: 

3 partitioning resources of the server to establish an instance of each virtual server 

4 by allocating units of storage and network addresses of network interfaces of the server to 

5 each instance of the virtual server, and sharing an operating system and a file system of 

6 the server among all of the virtual servers; 

7 enabling controlled access to the resources using logical boundary checks and se- 

8 curity interpretations of those resources within the server; and 

9 providing a vfiler context structure including information pertaining to a security 
ro domain of the vfiler. 

1 7. (ORIGINAL) The method of Claim 6 wherein the step of allocating comprises the step 

2 of providing a vfstore list of the vfiler context structure, the vstore list comprising point- 

3 ers to vfstore soft objects, each having a pointer that references a path to a unit of storage 

4 allocated to the vfiler. 

1 8. (ORIGINAL) The method of Claim 7 wherein the step of allocating further comprises 

2 the step of providing a vfnet list of the vfiler context structure, the vfhet list comprising 
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3 pointers to vfhet soft objects, each having a pointer that references an interface address 

4 data structure representing a network address assigned to the vfiler. 

1 9. (ORIGINAL) The method of Claim 8 wherein the step of enabling further comprises 

2 the step of performing a vfiler boundary check to verify that a vfiler is allowed to access 

3 certain storage resources of the filer. 

1 10. (ORIGINAL) The method of Claim 9 wherein the step of performing comprises the 

2 step of validating a file system identifier and qtree identifier associated with the units of 

3 storage. 

1 11. (ORIGINAL) The method of Claim 1 0 wherein the step of performing further com- 

2 prises the steps of: 

3 for each request to access a unit of storage, using the identifiers to determine 

4 whether the vfiler is authorized to access the unit of storage; 

s if the vfiler is not authorized to access the requested unit of storage, immediately 

6 denying the request; 

7 otherwise, allowing the request; and 

8 generating file system operations to process the request. 

12. (CANCELLED) 
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1 13. (PREVIOUSLY PRESENTED) A system adapted to create and maintain a plurality 

2 of virtual servers within a server, the system comprising: 

3 storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the virtual servers; 

5 network interfaces assigned one or more network address resources, the network 

6 address resources allocated among each of the virtual servers; 

7 an operating system having a file system resource adapted to perform a boundary 

8 check to verify that a request is allowed to access to certain units of storage resources on 

9 the storage media, each virtual server allowed shared access to the file system; 

10 a context data structure provided to each virtual server, the context data structure 
n including information pertaining to a security domain of the virtual server that enforces 

12 controlled access to the allocated and shared resources; and 

13 a processing element coupled to the network interfaces and storage media, and 

14 configured to execute the operating and file systems to thereby invoke network and stor- 

15 age access operations in accordance with results of the boundary check of the file system. 



1 14. (ORIGINAL) The system of Claim 13 wherein the units of storage resources are vol- 

2 umes and qtrees. 

1 15. (ORIGINAL) The system of Claim 14 further comprising a plurality of table data 

2 structures accessed by the processing element to implement the boundary check, the table 

3 data structures including a first table having a plurality of first entries, each associated 

4 with a virtual server and accessed by a file system identifier (fsid) functioning as a first 
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5 key into the table, each first entry of the first table denoting a virtual server that com- 

6 pletely owns a volume identified by the fsid. 

1 16. (ORIGINAL) The system of Claim 15 wherein the table data structures further in- 

2 elude a second table having a plurality of second entries, each associated with a virtual 

3 server and accessed by a second key consisting of an fsid and a qtree identifier (qtreeid), 

4 each second entry of the second table denoting a virtual server that completely owns a 

5 qtree identified by the fsid and qtreeid. 

1 17. (ORIGINAL) The system of Claim 16 wherein the server is a filer and wherein the 

2 virtual servers are virtual filers. 

l 18. (CANCELLED) 

i 19. (CANCELLED) 

1 20. (PREVIOUSLY PRESENTED) Apparatus adapted to create and maintain a plurality 

2 of virtual filers (vfilers) within a filer, the apparatus comprising: 

3 means for allocating dedicated resources of the filer to each vfiler; 

4 means for sharing common resources of the filer among all of the vfilers; and 

5 means for enabling controlled access to the dedicated and shared resources using 

6 logical boundary checks and security interpretations of those resources within the 
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server and for providing a vfiler context structure including information pertain- 
ing to a security domain of the vfiler. 

21. (CANCELLED) 

22. (CANCELLED) 

23. (PREVIOUSLY PRESENTED) A computer readable medium containing executable 
program instructions for creating and maintaining a plurality of virtual filers (vfilers) 
within a filer, the executable program instructions comprising program instructions for: 

allocating dedicated resources of the filer to each vfiler; 

sharing common resources of the filer among all of the vfilers; and 

enabling access to the dedicated and shared resources using logical boundary checks and 
security interpretations of those resources within the server andj>roviding a vfiler context 
structure including information pertaining to a security domain of the vfiler. 

24. (CANCELLED) 

25. (CANCELLED) 
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